Knowledge Base

Automated Browsing Protection

  • Updated

Automated Browsing Protection helps you identify and respond to unusually high activity from logged-in users. It's designed to reduce suspicious or automated-style browsing that can affect site performance or security. Once enabled, you can choose whether to audit, sign out, or disable repeat offenders, and review activity from the Automated Browsing Protection page.

NOTE: This feature applies to logged-in users only. It does not apply to anonymous visitors, and it uses a single shared limit across the OC web experience and oc-api.

How this feature works

When a logged-in user exceeds the configured request threshold limit, Automated Browsing Protection can take one of three actions based on your configured setting:

  • Audit only - Audits the event and notifies admins without signing the user out or disabling their account.
  • Log out - Audits and signs the user out.
  • Disable account - Audits and signs the user out; after the configured number of rate-limit logouts within the configured rolling time period, the user's account is disabled.

Email notifications are sent to admins when a violation occurs, and users can also receive email notices when they are signed out or disabled.

Common use cases

Automated Browsing Protection is useful when you want to:

  • reduce the impact of scripted or automated browsing behavior in your community;
  • add a response layer for accounts that generate unusually high request volume;
  • monitor suspicious activity before deciding whether to enforce a stronger action, such as sign-out or account disablement.

A common starting point is to use Audit only while you evaluate how often the limit is reached, then move to Log out or Disable account if you need stronger enforcement.

Enable & configure Automated Browsing Protection

  1. In the Admin Toolbar, click Admin.

Toolbar-Admin.png

  1. Navigate to Settings > Security > Automated Browsing Protection.
  2. Click the Settings tab.
  3. Check the Enable Automated Browsing Protection box.
  4. Choose the action you want to take when a member exceeds the limit:
    • Audit only (audit the event and notify admins via email)
    • Log out (audit and sign out the user)
    • Disable account (audit and sign out the user, then disable their account after repeated rate-limit logouts)
  5. If you choose Disable account, enter the number of logouts that will trigger account disablement and the rolling time period used for that threshold.
  6. Click Save Settings to apply your changes.
enable_automated_browsing_protection.png

NOTE: When Automated Browsing Protection is turned off, the related settings are hidden and no auditing is recorded.

Monitor & report on activity

The Activity Log tab helps admins review recent rate-limit events and understand what action Automated Browsing Protection took for a specific user. The page includes both an Activity Log tab and a Settings tab, so you can move between reviewing logged events and updating the protection policy.

Automated Browsing Protection Activity Log tab showing recent rate-limit events table and search box

What the table shows

Each row represents a recorded rate-limit event, and shows:

  • when the event occurred, 

  • which contact (user) triggered it, 

  • what action was taken, and 

  • the policy or request values in effect at the time of detection.

Use the options below the table to:

  • control how many entries are displayed per page (15, 25, 50, or 100)

  • customize the data columns shown

  • navigate between pages when more entries than the chosen limit is surpassed

activity-tab-table_controls.png

How to use this tab

Use the Activity Log tab to:

  • review recent detections;

  • confirm whether a detected event resulted in a logout or account disablement;

  • compare logged activity against the policy values that were active when the event occurred;

  • investigate whether a contact (user) exceeded the configured request maximum and how many logouts contributed toward disablement.

Search and sorting

You can click the magnifying glass icon above the table to expand a search that lets you narrow the list of visible log entries. The following columns are searchable:

  • Contact

  • Action

  • Policy at Detection

You can also sort the table by any of the available columns to help you find the logs you're most interested in reviewing. 

Click a column header to sort on that column's data; an up or down arrow icon displays to indicate the sort order.

Was this article helpful?
0 out of 0 found this helpful
Return to top

Can’t find what you’re looking for?

Create a Case Call US Support